Search Results (Refine Search)
- Keyword (text search): cpe:2.3:h:cohuhd:3960hd:-:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-8864 |
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test. Published: November 22, 2017; 3:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-8863 |
Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser. Published: November 22, 2017; 3:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-8862 |
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges. Published: November 22, 2017; 3:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-8861 |
Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets. Published: November 22, 2017; 3:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-8860 |
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request. Published: November 22, 2017; 3:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 5.0 MEDIUM |